request #24149: Indirect LDAP injection via the ldap_id attribute of …
…a user

A taint annotation has been added to highlight the issue. A more global
work on this topic will be done in independent contributions.

Change-Id: I969d0ba6d2ff85b418bcaf728f49afc78dd49571
LeSuisse committed Nov 17, 2021
1 parent c30d68c commit bd47f29
Showing 2 changed files with 2 additions and 1 deletion.
Expand Up @@ -76,7 +76,7 @@ public function syncAll()

public function ldapSync($row, $users_are_suspendable = true)
{
$ldap_query = $this->ldap->getLDAPParam('eduid') . '=' . $row['ldap_id'];
$ldap_query = $this->ldap->getLDAPParam('eduid') . '=' . ldap_escape($row['ldap_id'], '', LDAP_ESCAPE_FILTER);
$userSync = $this->getLdapUserSync();
$attributes = $userSync->getSyncAttributes($this->ldap);

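Review bot: The new `ldap_escape($row['ldap_id'], '', LDAP_ESCAPE_FILTER)` call on the second line of ldapSync still accepts an empty or missing `ldap_id`: a null argument is deprecated for internal functions on PHP 8.1+ (and a TypeError if the file declares strict_types), and an empty value yields the fragment `eduid=`, which is unlikely to be a legitimate lookup, so a guard such as `if (($row['ldap_id'] ?? '') === '') { return false; }` ahead of the query would make that case explicit (the return value must match what the rest of ldapSync returns, which is outside the hunk). The escaping is the right one for a filter value; if `ldap_id` is also interpolated into a DN further down the method, that use needs `LDAP_ESCAPE_DN` rather than the filter flag. A why-comment above the query would help the next reader, e.g. `// ldap_id is read back from the directory, not from configuration, so it must be escaped before reuse in a filter`. ldapSync's body continues past the end of this hunk.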
Expand Up @@ -177,6 +177,7 @@ public function fetch($result);
* @param type $result
*
* @return type
* @psalm-taint-source ldap
*/
public function fetchArray($result);

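Review bot: The added `@psalm-taint-source ldap` line tells the analyser that fetchArray returns attacker-influenced data, but the surrounding docblock still carries the `@param type $result` and `@return type` placeholders, so a human reader gets no hint of why the result is tainted. A sentence in the docblock would close that gap, e.g. `Values returned here originate from directory entries that users can influence; escape them with ldap_escape() before embedding in a filter or DN.`, and the placeholder types should be replaced with the real ones (presumably an LDAP result handle in and an array of entry attributes out — confirm against the implementation). The sibling `fetch($result)` visible in the hunk header context looks like it returns directory data as well; if it does, it needs the same annotation or taint tracking has a blind spot. The enclosing interface continues outside this hunk.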
